[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt sources.list

>> Now, personally I don't feel this is a threat model that I need to 
>> worry about.  I just use plain old http sources at home, and if
>> "They" learn that I've downloaded rxvt-unicode and mutt, well, good
>> for Them.
> My understanding is that mandating HTTPS for all connections is supposed
> to make it so that those who might be watching can't treat the choice by
> the user to connect via HTTPS as a sign that the user has something to
> hide, and therefore is worth observing more closely.

My understanding is that the effect has been (in intelligence agencies
around the world) to push the development of attacks/tools that target
the ends of the connections rather than trying to spy on the
connections themselves.


        Stefan
Reply to: